Traditionally, network administrators would try to handle them in house with server rules and incredibly expensive hardware specialized in handling high load. However, these approaches are fundamentally limited by the infrastructure layers above them, making them all but useless in today's massively distributed tech landscape.

To properly address DDoS attacks these days, you need a lot of muscle to filter out bad traffic, and that's power that is both inefficient to build per site, and impractical. Security proxy services are a layer between your server and web traffic, with powerful machines for analyzing and scrubbing bad traffic from good traffic in the Tbps capacity range. It's their job to stay up to date with the latest exploits, recognize new threat trends in their customer's traffic, and ultimately protect the sites under their umbrella from attackers.

Because of their prime position in the traffic pipeline, they are also highly suited for providing DNS and CDN services which they regularly do.

DDoS protection is a rapidly changing game, with new attack techniques constantly being generated. Track record is an important factor to take in. While bigger doesn't always mean better, the more diverse the web sites a proxy service manages, the more data they have to analyze various threats, and base a wider umbrella of protection on.

Layer 3 and 4 attacks are those that happen at the network and transport layers, which is generally below the level of abstraction you're working at. This includes, for example, reflection attacks that take advantage of weaknesses in TCP or UDP by spoofing the target's IP and requesting a response from another legitimate server.

Layer 7, or Application Layer attacks are generally the more familiar kinds of DDoS attacks, such as those trying to overload a server's resources by masquerading as a flood of legitimate HTTP requests. Because a good Layer 7 attack tries to look like legitimate traffic, customized rules may be needed to filter them out on a case by case basis, to help the security proxy know which requests are suspicious.